• RSS
  • Twitter
  • FaceBook

Welcome to ISAserver.org

Forums | Register | Login | My Profile | Inbox | RSS RSS icon | My Subscription | My Forums | Address Book | Member List | Search | FAQ | Ticket List | Log Out

Access Policies Messing up

Users viewing this topic: none

Logged in as: Guest
  Printable Version
All Forums >> [ISA Server 2004 Firewall] >> Access Policies >> Access Policies Messing up Page: [1]
Login
Message << Older Topic   Newer Topic >>
Access Policies Messing up - 12.Dec.2006 2:02:27 PM   
skamionek

 

Posts: 28
Joined: 1.Sep.2006
Status: offline 		Please help.   I have tried everything and I'm going crazy.

Access Policies:

RPC
           Action-Allow      Protocols-All Outbound   From – Internal/LocalHost   To – Internal/LocalHost   Condition –
All Users

SMTP
           Action-Allow      Protocols-SMTP Server   From – External   To – 10.0.0.12   Condition –
All Users

NJG-Restricted
           Action-Deny      Protocols-All Outbound   From – Internal  To – External and NJG-AllowedWebsites   Condition –

NJG-WebAccess

NJG-Full
           Action-Allow      Protocols-All Outbound   From – Internal  To – External   Condition – NJG-FullWebAccess

Test
           Action-Allow      Protocols-All Outbound   From – Internal  To – External   Condition – All Users

Default
           Action-Deny      Protocols-All Traffic   From – All Networks  To – All Networks   Condition – All Users


NJG-AllowedWebSites = Domain list of allowed websites
NJG-WebAccess = List of Domain Users that have limited web access
NJG-FullWebAccess = List of Domain Users that have full web access


Issues:
1.                   If NJG-Restricted is enabled a user in group NJG-FullWebAccess they cannot FTP
2.                   If NJG-Restricted and NJG-Full are enabled a user in NJG-FullWebAccess cannot FTP
3.                   If NJG-Restricted has an exception for Condition of NJG-FullWebAccess a user in NJG-WebAccess has Full web access




Also when the first is enabled users try an approved website with http://www.domainname.com they can get to the website but when they use http://domainname.com or just domainname.com they get the denied webpage. 

Please help!!!!  I need to sleep
Post #: 1
RE: Access Policies Messing up - 13.Dec.2006 7:50:19 AM   
tshinder

 

Posts: 50013
Joined: 10.Jan.2001
From: Texas
Status: offline 		Make sure the users haven't disabled the Firewall client.

HTH,
Tom

_____________________________

Thomas W Shinder, M.D.

(in reply to skamionek)
Post #: 2
RE: Access Policies Messing up - 13.Dec.2006 4:48:08 PM   
skamionek

 

Posts: 28
Joined: 1.Sep.2006
Status: offline 		Tom,
The users, how can we stop them from closing the client?  Both groups have the client installed but the Full access group fails. 

We have the two groups then we have the IT group.  We don't want the ISA client and want to have access to the outside world

(in reply to tshinder)
Post #: 3

Page:   [1] << Older Topic    Newer Topic >>
All Forums >> [ISA Server 2004 Firewall] >> Access Policies >> Access Policies Messing up Page: [1]
Jump to:

New Messages No New Messages
Hot Topic w/ New Messages Hot Topic w/o New Messages
Locked w/ New Messages Locked w/o New Messages
 Post New Thread
 Reply to Message
 Post New Poll
 Submit Vote
 Delete My Own Post
 Delete My Own Thread
 Rate Posts